This invention relates to distributing public key certificates to protocol-independent multicast domains.
A public key used in only one domain is called a semi-public key. In a protocol-independent multicast domain (PIM domain), the PIM entities within the domain are configured to have a copy of the semi-public key. This is in contrast to a fully-public key, which is used globally in more than one domain. Whether a system employs semi-public keys or fully-public keys, any key management scheme requires that public keys be certified by an accepted Trusted Authority before they are used in a domain. For fully-public keys, the Trusted Authority can be a well-known entity or Trusted Third Party which certifies public keys globally. Examples of such Trusted Third Parties include Entrust Technologies Inc. of Plano, Tex. and RSA Data Security Inc. of San Jose, Calif.
In a PIM domain, in particular a PIM sparse mode domain (PIM-SM domain), a domain key distributor DKD can serve the function of a Trusted Authority for semi-public keys within a specific domain. The domain key distributor DKD has the administrative responsibility of certifying the semi-public keys within the domain and publishing them to other domain entities. Assuming the domain key distributor DKD has a public key pair (secret key "Skdkd", public key "Pkdkd"), certification of the semi-public key of a PIM entity is conducted by the domain key distributor DKD digitally signing that entity's public key using the domain key distributor DKD's secret key "Skdkd". Because each PIM entity is manually configured with the domain key distributor DKD's public key Pkdkd, the resulting certificate is verifiable by all PIM routers in possession of that public key. In other words, the domain key distributor DKD of a domain vouches for all PIM entities in that domain.
However, this scheme does not work for inter-domain transactions, such as when a router in domain D2 wants to send a control message to an entity in domain D1. Even if the message was digitally signed by domain key distributor DKD2 in domain D2, the receiving entity in domain D1 is not able to verify the authenticity of the control message because it does not have the public key Pkdkd of the domain key distributor DKD2 in domain D2.
This invention uses a protocol, such as the Multicast Source Discovery Protocol (MSDP), to deliver public key certificates between rendez-vous points RPs.
A rendez-vous point RP in a PIM-SM domain can have an MSDP peering relationship with other rendez-vous point RPs in other domains. The peering relationship is a Transmission Control Protocol (TCP) connection. Each domain has a connection to the MSDP topology through which it can exchange control information about active sources with rendez-vous point RPs in other domains. The normal source-tree building mechanism in PIM-SM is used to deliver multicast data over an inter-domain distribution tree.
In general, in one aspect, the invention features a system for sharing a plurality of public key certificates among a network of domains through MSDP. Each domain has a domain key distributor DKD for producing the plurality of public key certificates within the domain, and a rendez-vous point RP with a peering relationship with another rendez-vous point RP in another domain, the rendez-vous point RP being capable of generating MSDP messages configured to carry one or more key certificates of the plurality of public key certificates to the rendez-vous point RP of the other domain.
Aspects of the invention can include one or more of the following features. The domains can be PIM-SM routing domains. The MSDP messages can be delivered to another domain over a TCP connection.
The MSDP messages can be source-active messages with a field extension containing one or more public key certificates. The source-active messages can be in TLV format. All routers in the domain can be configured with a public key of the domain key distributor DKD of the domain.
In another aspect, the invention features a method of delivering public key certificates from a sending domain to a receiving domain, each domain including a domain key distributor DKD with a key pair Pkdkd, Skdkd, a rendez-vous point RP and a plurality of routers. The method includes cross-certifying the domain key distributor DKDs of the sending domain and the receiving domain, producing a public key certificate for a router that sends inter-domain messages in the sending domain, delivering the public key certificate to the rendez-vous point RP of the sending domain, generating an MSDP message configured to carry the public key certificate, forwarding the MSDP message from the rendez-vous point RP of the sending domain to the rendez-vous point RP of the receiving domain, and propagating the public key certificate in the receiving domain.
Aspects of the invention can include one or more of the following features. Cross-certifying can consist of signing, by the domain key distributor DKD of the sending domain, of a public key certificate for the Pkdkd of the domain key distributor DKD of the receiving domain, and announcing that certificate in the sending domain; and signing, by the domain key distributor DKD of the receiving domain, of a public key certificate for the Pkdkd of the domain key distributor DKD of the sending domain, and announcing that certificate in the receiving domain. Announcing can be conducted through multicast. The router sending inter-domain messages can be the rendez-vous point RP in the sending domain, and the certificate can be distributed to routers in a multicast group. Propagating can consist of verifying the certificate from the sending domain using the public key (Pkdkd) of the domain key distributor DKD of the sending domain, which the receiving domain holds as a result of the cross-certification, and distributing the certificate to routers in the receiving domain.
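The following Python program is added here as an illustration and is not part of the patent or of any product implementing it. It models the method above end to end: intra-domain certification of a router's semi-public key by its domain key distributor DKD, cross-certification of two DKDs, delivery of the router's certificate inside a source-active message carrying a certificate TLV, verification at the receiving rendez-vous point RP against the sending DKD's Pkdkd obtained through cross-certification, propagation to the receiving domain's routers, and finally verification of a control message signed by the certified router. The entity names (DKD1, DKD2, RP1), the TLV type 0xF0 used for the certificate extension, the certificate layout, the RP address and the sample control message are all assumptions of the example; the signatures are textbook RSA over SHA-256 with no padding, which is enough to show the trust chain but is not a secure signature scheme, and the TCP peering itself is not modelled.

```python
"""Toy model of the scheme above: a DKD certifies semi-public keys in its domain,
two DKDs cross-certify, and an RP carries a certificate to its MSDP peer inside a
source-active message. Added example, not the patent's code; entity names and TLV
type 0xF0 are assumptions; textbook RSA without padding is NOT a secure signature."""
import hashlib
import random
import struct
from collections import namedtuple

def _gen_prime(bits):  # random prime via a Fermat test with small bases: toy only
    while True:
        c = random.getrandbits(bits) | (1 << (bits - 1)) | 1
        if all(pow(a, c - 1, c) == 1 for a in (2, 3, 5, 7, 11, 13)):
            return c

def gen_keypair(bits=256):
    """Return ((n, e), (n, d)); n > 2**256 so a SHA-256 digest fits under it."""
    e = 65537
    while True:
        p, q = _gen_prime(bits), _gen_prime(bits)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:  # e is prime, so this is gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest(data):
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sign(secret, data):
    return pow(_digest(data), secret[1], secret[0])

def verify(public, data, sig):
    return pow(sig, public[1], public[0]) == _digest(data)

# subject: entity whose semi-public key is certified; key: its (n, e); issuer: the signing DKD
Cert = namedtuple("Cert", "subject key issuer sig")
def cert_body(c):
    return f"{c.subject}|{c.key[0]}|{c.key[1]}|{c.issuer}".encode()

def issue_cert(issuer, issuer_secret, subject, subject_key):
    """The DKD vouches for a key by signing it with its Skdkd."""
    c = Cert(subject, subject_key, issuer, 0)
    return c._replace(sig=sign(issuer_secret, cert_body(c)))

def accept(trusted, cert):
    """Accept a certificate only if its issuer is already trusted; the certified key then joins the set."""
    issuer_key = trusted.get(cert.issuer)
    if issuer_key is None or not verify(issuer_key, cert_body(cert), cert.sig):
        return False
    trusted[cert.subject] = cert.key
    return True

TLV_SA = 1           # MSDP Source-Active TLV type (RFC 3618)
TLV_KEY_CERT = 0xF0  # assumed extension TLV type carrying one certificate
def tlv(t, value):  # MSDP TLV: 8-bit type, 16-bit length covering type, length and value
    return struct.pack("!BH", t, 3 + len(value)) + value

def parse_tlvs(buf):
    out, i = [], 0
    while i < len(buf):
        t, ln = struct.unpack_from("!BH", buf, i) if len(buf) - i >= 3 else (0, 0)
        if ln < 3 or i + ln > len(buf):  # short tail or zero length: reject, never loop
            raise ValueError("truncated TLV")
        out.append((t, buf[i + 3:i + ln]))
        i += ln
    return out

def build_sa(rp_addr, certs):
    """SA message: originating RP address (4 bytes) followed by certificate TLVs."""
    ext = b"".join(tlv(TLV_KEY_CERT, cert_body(c) + b"|" + str(c.sig).encode()) for c in certs)
    return tlv(TLV_SA, bytes(int(o) for o in rp_addr.split(".")) + ext)

def certs_from_sa(msg):
    (t, value), = parse_tlvs(msg)
    if t != TLV_SA:
        raise ValueError("not an SA message")
    fields = [ev.decode().split("|") for et, ev in parse_tlvs(value[4:]) if et == TLV_KEY_CERT]
    return [Cert(s, (int(n), int(e)), iss, int(sig)) for s, n, e, iss, sig in fields]

def run_scenario():
    (dkd1_pub, dkd1_sec), (dkd2_pub, dkd2_sec), (rp1_pub, rp1_sec), (rogue_pub, rogue_sec) = (
        gen_keypair() for _ in range(4))
    d2 = [{"DKD2": dkd2_pub} for _ in range(3)]  # RP2 and two routers, each configured with Pkdkd2 only
    # Cross-certification: DKD2 signs Pkdkd1 and announces it within domain 2.
    xcert = issue_cert("DKD2", dkd2_sec, "DKD1", dkd1_pub)
    out = {"xcert_accepted": all(accept(r, xcert) for r in d2)}
    # DKD1 certifies RP1; a rogue cert names DKD1 as issuer but is not signed by it.
    rp1_cert = issue_cert("DKD1", dkd1_sec, "RP1", rp1_pub)
    forged = issue_cert("DKD1", rogue_sec, "RP1", rogue_pub)
    received = certs_from_sa(build_sa("10.0.1.1", [forged, rp1_cert]))
    out["accepted"] = [accept(d2[0], c) for c in received]  # RP2 verifies each one
    for c in (c for c, ok in zip(received, out["accepted"]) if ok):  # and propagates the good ones
        for r in d2[1:]:
            accept(r, c)
    # A control message signed by RP1 is now verifiable by every router in domain 2.
    ctl = b"constructed PIM control message from RP1"
    out["control_ok"] = all(verify(r["RP1"], ctl, sign(rp1_sec, ctl)) for r in d2)
    out["control_forged"] = verify(d2[1]["RP1"], ctl, sign(rogue_sec, ctl))
    return out
```

Calling run_scenario() returns a dictionary showing the cross-certificate accepted by every domain-2 router, the forged certificate (issuer field says DKD1, signature made with some other key) rejected while RP1's genuine certificate is accepted, and, after propagation, a control message signed by RP1 verifying at every router in domain 2 while one signed with another key does not. A router accepts a certificate only when the issuer is already in its trusted set, so the cross-certificate must have been announced in the receiving domain before the inter-domain certificate arrives, which is the ordering the method prescribes; the TLV parser also rejects a zero or truncated length rather than spinning on it.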
In another aspect, the invention is directed to a system having a first protocol-independent multicast sparse mode (PIM-SM) domain configured for a Multicast Source Discovery Protocol (MSDP) connection with a second PIM-SM domain, wherein the first domain is disposed to deliver key certificates generated within the first domain to the second domain through the MSDP connection.
Aspects of the invention can include one or more of the following features. The MSDP connection can comprise a TCP connection between a rendez-vous point RP in the first domain and a rendez-vous point RP in the second domain. The TCP connection can be protected from tampering by MD5, in practice the TCP MD5 signature option, a keyed MD5 digest computed over each segment under a secret shared by the two peers; an unkeyed hash alone would not detect tampering, and the option protects only the peering session, so the authenticity of each certificate still rests on the domain key distributor DKD signature it carries. The rendez-vous point RP of the first domain can construct a source-active message configured to carry key certificates to the second domain through the TCP connection.
The key certificates can comprise semi-public key certificates wherein each certificate includes a semi-public key of a router in the first domain. The key certificates can be certified by a domain key distributor DKD of the first domain. The key certificates delivered to the second domain can be propagated in the second domain down a shared tree rooted at a rendez-vous point RP of the second domain and to all routers in the second domain.